fix IDP-Initiated SAML Login
parent
7033ec0ab9
commit
e0a3ec033f
|
@ -33,6 +33,8 @@ class Processor:
|
||||||
"""Base SAML 2.0 AuthnRequest to Response Processor.
|
"""Base SAML 2.0 AuthnRequest to Response Processor.
|
||||||
Sub-classes should provide Service Provider-specific functionality."""
|
Sub-classes should provide Service Provider-specific functionality."""
|
||||||
|
|
||||||
|
is_idp_initiated = False
|
||||||
|
|
||||||
_audience = ''
|
_audience = ''
|
||||||
_assertion_params = None
|
_assertion_params = None
|
||||||
_assertion_xml = None
|
_assertion_xml = None
|
||||||
|
@ -291,7 +293,10 @@ class Processor:
|
||||||
def generate_response(self):
|
def generate_response(self):
|
||||||
"""Processes request and returns template variables suitable for a response."""
|
"""Processes request and returns template variables suitable for a response."""
|
||||||
# Build the assertion and response.
|
# Build the assertion and response.
|
||||||
|
# Only call can_handle if SP initiated Request, otherwise we have no Request
|
||||||
|
if not self.is_idp_initiated:
|
||||||
self.can_handle(self._django_request)
|
self.can_handle(self._django_request)
|
||||||
|
|
||||||
self._validate_user()
|
self._validate_user()
|
||||||
self._build_assertion()
|
self._build_assertion()
|
||||||
self._format_assertion()
|
self._format_assertion()
|
||||||
|
|
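Review bot: The new `if not self.is_idp_initiated:` guard in generate_response skips can_handle, which is the only call in this method that looks at the incoming request, so on the IdP-initiated path nothing shown here confirms where the unsolicited response will be sent. Whether init_deep_link takes the ACS URL solely from the stored provider configuration is not visible in this hunk; if any part of it comes from the request, it needs validating before `_build_assertion()`. I would record the invariant on the class attribute, e.g. `# True for IdP-initiated (unsolicited) responses: there is no AuthnRequest to validate, so the destination must come from provider config`. Both the Processor class and generate_response continue outside the hunks.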
|
@ -1,4 +1,5 @@
|
||||||
"""passbook saml_idp Models"""
|
"""passbook saml_idp Models"""
|
||||||
|
from logging import getLogger
|
||||||
|
|
||||||
from django.contrib.postgres.fields import ArrayField
|
from django.contrib.postgres.fields import ArrayField
|
||||||
from django.db import models
|
from django.db import models
|
||||||
|
@ -9,6 +10,8 @@ from passbook.core.models import PropertyMapping, Provider
|
||||||
from passbook.lib.utils.reflection import class_to_path, path_to_class
|
from passbook.lib.utils.reflection import class_to_path, path_to_class
|
||||||
from passbook.saml_idp.base import Processor
|
from passbook.saml_idp.base import Processor
|
||||||
|
|
||||||
|
LOGGER = getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class SAMLProvider(Provider):
|
class SAMLProvider(Provider):
|
||||||
"""Model to save information about a Remote SAML Endpoint"""
|
"""Model to save information about a Remote SAML Endpoint"""
|
||||||
|
@ -36,7 +39,8 @@ class SAMLProvider(Provider):
|
||||||
if not self._processor:
|
if not self._processor:
|
||||||
try:
|
try:
|
||||||
self._processor = path_to_class(self.processor_path)(self)
|
self._processor = path_to_class(self.processor_path)(self)
|
||||||
except ModuleNotFoundError:
|
except ModuleNotFoundError as exc:
|
||||||
|
LOGGER.warning(exc)
|
||||||
self._processor = None
|
self._processor = None
|
||||||
return self._processor
|
return self._processor
|
||||||
|
|
||||||
|
|
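Review bot: `LOGGER.warning(exc)` in the processor getter logs the bare exception without saying which provider or `processor_path` failed, and the getter still returns `None`, which `self.provider.processor.init_deep_link(request, '')` in InitiateLoginView dereferences unconditionally. I would log with context, `LOGGER.warning("SAML processor %s could not be loaded: %s", self.processor_path, exc)`, so a misconfigured or unexpected processor path can be identified from the logs. Only ModuleNotFoundError is caught; whether path_to_class can raise something else for a missing class inside an existing module is not visible here. The getter starts outside the hunk.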
|
@ -231,4 +231,5 @@ class InitiateLoginView(AccessRequiredView):
|
||||||
def get(self, request, application):
|
def get(self, request, application):
|
||||||
"""Initiates an IdP-initiated link to a simple SP resource/target URL."""
|
"""Initiates an IdP-initiated link to a simple SP resource/target URL."""
|
||||||
self.provider.processor.init_deep_link(request, '')
|
self.provider.processor.init_deep_link(request, '')
|
||||||
|
self.provider.processor.is_idp_initiated = True
|
||||||
return _generate_response(request, self.provider)
|
return _generate_response(request, self.provider)
|
||||||
|
|
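Review bot: `self.provider.processor.is_idp_initiated = True` in InitiateLoginView.get sets the flag on the processor object that the provider caches, and nothing in this commit resets it, so any later generate_response on the same object would also skip can_handle. Whether a processor instance can outlive a single request is not visible here, but tying the flag to the call that creates the IdP-initiated state removes the question. I would set `self.is_idp_initiated = True` inside init_deep_link and set it back to `False` where an SP-initiated request is parsed, rather than assigning it from the view.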